W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2011

Re: #290: Motivate one-year limit for Expires

From: Brian Pane <brianp@brianp.net>
Date: Sun, 24 Jul 2011 11:16:06 -0700
Message-ID: <CAAbTgTsXrNsx1jYwsAjMAbwxUFaHySfPmGqxJgzpfjOMxgiUAQ@mail.gmail.com>
To: Willy Tarreau <w@1wt.eu>
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On Sun, Jul 24, 2011 at 10:53 AM, Willy Tarreau <w@1wt.eu> wrote:

>> So, I propose we remove the requirement and replace it with something like:
>>
>> """
>> Historically, HTTP required the Expires field-value to be no more than a year in the future. While longer freshness lifetimes are no longer prohibited, extremely large values have been demonstrated to cause problems (e.g., clock overflows), and senders ought not produce them.
>> """
>
> But if more than one year is often the cause of a config error or bad clock,
> shouldn't we suggest that destinations ignore the large value instead ?

I think the problem with ignoring on the client side is that the
clients that would need to ignore large values the most are probably
those least likely to detect the problem.  E.g, if you send this:

    Expires: Fri, 01 Jan 2100 00:00:01 GMT

to a client that uses 32-bit Unix time_t values to hold times, how
will that client interpret it?  The implementation might be able to
detect the overflow, but maybe not.

-Brian
Received on Sunday, 24 July 2011 18:16:33 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:45 GMT